c5d9566e11938490f3e49f34b61ae47225b10833d9aeba17c92c7119c6a16a7b

Submit
Reports

Overview

overview

Static

static

Collapse -...1).rar

windows7-x64

Collapse -...1).rar

windows10-2004-x64

Collapse -...se.exe

windows7-x64

Collapse -...se.exe

windows10-2004-x64

Collapse -...er.dll

windows7-x64

Collapse -...er.dll

windows10-2004-x64

Collapse -...ne.txt

windows7-x64

Collapse -...ne.txt

windows10-2004-x64

Collapse -...pi.txt

windows7-x64

Collapse -...pi.txt

windows10-2004-x64

Collapse -...sh.txt

windows7-x64

Collapse -...sh.txt

windows10-2004-x64

Collapse -...rt.txt

windows7-x64

Collapse -...rt.txt

windows10-2004-x64

Collapse -...ve.cmd

windows7-x64

Collapse -...ve.cmd

windows10-2004-x64

Collapse -...rt.dll

windows7-x64

Collapse -...rt.dll

windows10-2004-x64

Collapse -...32.sys

windows10-2004-x64

Collapse -...64.sys

windows10-2004-x64

Collapse -...pi.exe

windows7-x64

Collapse -...pi.exe

windows10-2004-x64

Collapse -...rt.dll

windows7-x64

Collapse -...rt.dll

windows10-2004-x64

Collapse -...64.sys

windows10-2004-x64

Collapse -...pi.exe

windows7-x64

Collapse -...pi.exe

windows10-2004-x64

Collapse -...es.txt

windows7-x64

Collapse -...es.txt

windows10-2004-x64

Collapse -...ne.txt

windows7-x64

Collapse -...ne.txt

windows10-2004-x64

Collapse -...pi.txt

windows7-x64

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-01-2025 07:42

Sharing

Copy URL

Twitter E-mail

Static task

static1

stealc

2 signatures

Behavioral task

behavioral1

Sample

Collapse - update3.5.1 (1).rar

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Collapse - update3.5.1 (1).rar

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Collapse - update3.5.1/Collapse.exe

Resource

win7-20240903-en

lumma discovery stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

Collapse - update3.5.1/Collapse.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

Collapse - update3.5.1/bin/WindowsManager.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Collapse - update3.5.1/bin/WindowsManager.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-getline.txt

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-getline.txt

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-goodbyedpi.txt

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-goodbyedpi.txt

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-uthash.txt

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-uthash.txt

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-windivert.txt

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Collapse - update3.5.1/bin/licenses/LICENSE-windivert.txt

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Collapse - update3.5.1/bin/service_remove.cmd

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Collapse - update3.5.1/bin/service_remove.cmd

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Collapse - update3.5.1/bin/x86/WinDivert.dll

Resource

win7-20240903-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

Collapse - update3.5.1/bin/x86/WinDivert.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

Collapse - update3.5.1/bin/x86/WinDivert32.sys

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Collapse - update3.5.1/bin/x86/WinDivert64.sys

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Collapse - update3.5.1/bin/x86/goodbyedpi.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

Collapse - update3.5.1/bin/x86/goodbyedpi.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

Collapse - update3.5.1/bin/x86_64/WinDivert.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Collapse - update3.5.1/bin/x86_64/WinDivert.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Collapse - update3.5.1/bin/x86_64/WinDivert64.sys

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Collapse - update3.5.1/bin/x86_64/goodbyedpi.exe

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

Collapse - update3.5.1/bin/x86_64/goodbyedpi.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

Collapse - update3.5.1/licenses.txt

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Collapse - update3.5.1/licenses.txt

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Collapse - update3.5.1/mods/licenses/LICENSE-getline.txt

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Collapse - update3.5.1/mods/licenses/LICENSE-getline.txt

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Collapse - update3.5.1/mods/licenses/LICENSE-goodbyedpi.txt

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Collapse - update3.5.1/bin/x86/goodbyedpi.exe
Size

98KB
MD5

9c3f16d5a0aff180f9d04ae6c0fe1f28
SHA1

c0febd0e54c2a335ee348233e9555eef4816663e
SHA256

66e202c9fce9e769e2bc791b7fd6f56f21eab59f607f4ed0724e0c68c430dd1f
SHA512

746ccd373f025d95ca4f55cb212ba6b259a6f17d7e2c5807940cc0d1d31ea61c943a6aa4fc91b2ec432ed1d04ffee4b4c3b78db2cdbb474399313bf26f56a4ac
SSDEEP

3072:wjnafjFO9vbnTrjP7HzfLXDvnTr3jP7HzfLXDvbnT/rjI3XLS84mUgIDJO:46RO9vbnTrjP7HzfLXDvnTr3jP7HzfL2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
472	Process not Found

Processes

C:\Users\Admin\AppData\Local\Temp\Collapse - update3.5.1\bin\x86\goodbyedpi.exe
"C:\Users\Admin\AppData\Local\Temp\Collapse - update3.5.1\bin\x86\goodbyedpi.exe"
1⤵
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-1-0x0000000063D40000-0x0000000063D4F000-memory.dmp

Filesize
60KB

Download
memory/1784-0-0x00000000010F0000-0x0000000001111000-memory.dmp

Filesize
132KB

Download
memory/1784-4-0x00000000010F0000-0x0000000001111000-memory.dmp

Filesize
132KB

Download